‹ All episodes

URMIA Matters

Episode 18: The Revitalized URMIA Risk Inventory

June 03, 2020 Jenny Whittington hosts Brian Burns and Lou Drapeau Season 1 Episode 18
URMIA Matters
Episode 18: The Revitalized URMIA Risk Inventory
Info
URMIA Matters
Episode 18: The Revitalized URMIA Risk Inventory
Jun 03, 2020 Season 1 Episode 18
Jenny Whittington hosts Brian Burns and Lou Drapeau

The URMIA Risk Inventory – an organic, member-curated compilation of risks common to colleges and universities – has just been updated by an URMIA volunteer task force. Lou Drapeau, URMIA resource manager and leader of the task force, and URMIA member Brian Burns, director of compliance and risk management at the Wentworth Institute of Technology, give an overview of what’s new in this resource, how it can be used by risk managers for ERM and other purposes, and how anyone can contribute to it.

Show Notes [member-only content, login required]

Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org

Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!

Thanks for listening to URMIA Matters!

Share
Apple Podcasts Spotify Amazon Music Podcast Index Overcast Stitcher +
Show Notes Transcript

The URMIA Risk Inventory – an organic, member-curated compilation of risks common to colleges and universities – has just been updated by an URMIA volunteer task force. Lou Drapeau, URMIA resource manager and leader of the task force, and URMIA member Brian Burns, director of compliance and risk management at the Wentworth Institute of Technology, give an overview of what’s new in this resource, how it can be used by risk managers for ERM and other purposes, and how anyone can contribute to it.

Show Notes [member-only content, login required]

Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org

Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!

Thanks for listening to URMIA Matters!

Jenny: Hello everyone, and welcome to URMIA matters. I am your host, Jenny Whittington, and URMIAs Executive Director, and pleased to be doing this podcast remotely in our new-normal world. I have two wonderful guests with me, Lou Drapeau on the URMIA staff and Brian Burns, and I am going to turn it over first to Brian to give a little history about his involvement with URMIA and his path in higher education risk management, so welcome Brian, and thanks for being with us. 


Brian: Thank you, Jenny. I’m glad to be here, even if it’s remote. I’ve been in higher education risk management since 2003. I’ve been in higher education my entire professional life. I had a co-op job at Northeastern University that I kept for 27 or 28 years, so I was very lucky in that regard and have been a member or URMIA since 2003 and I wouldn’t be a successful risk manager without the membership at URMIA supporting me, so I’m very glad to be here. 


Jenny: So, explain to me the co-op. What does that mean? How did you do that? 


Brian: Northeastern is a cooperative education school and it provides an experiential part of your academic career by giving you a job. You actually become an employee of another company for a period of six months at a time and you actually go out and work for that other company and you take the lessons you learn in school and apply them to your job and take the lessons you learn in your job and apply them to your schoolwork as you go on, so it really gives you the opportunity to gain the experience while you are getting your education so it’s a really good model. 


Jenny: That’s great. I believe you have your J. D., correct? Is that from Northeastern as well?


Brian: I do. No, after I graduated from Northeastern I took a job with Northeastern full time and I had always wanted to go to law school so I had made the promise to myself I’d work for a year and then go back to law school or I’d get into a law school at night and go at night, so I was lucky enough to get into Suffolk University Law School at night my first year and I did my four years expecting to leave higher education and go practice as an attorney and that was a big year for economic downturn and courts all closed and did away with clerkships and the law practices were all downsizing so I stayed where I was and did a good job.


Jenny: Tell me about your position now.


Brian: So no I’m the Director of Compliance and Risk Management at the Wentworth Institute of Technology, which is right next door to Northeastern. I left Northeastern a few years back, came to Wentworth and saved about seven blocks of my commute. Wentworth is another cooperative education school. It’s a small to medium sized technology institute and it’s a really good place to be. 


Jenny: How many students are at Wentworth? 


Brian: We’re about 4400. We hope to be about 4400 in the fall, but we’re about 4400 total enrollment. 


Jenny: Awesome. Well, thanks for that little introduction about yourself, and Lou I will turn it to you as well. Lou is a part of the staff here, he’s one of our subject matter experts and serves as our resource manager. So, Lou, give our listeners a little bit of Lou history. 


Lou: Okay. I came to higher education risk management a little bit later in my career than most people. I started out as a Municipal Risk Manager, then I was the Risk Manager for a supplier to the auto industry, and I retired from there and then I was Director of Risk Management at the University of Kentucky from November 2003 to November 2015. I’ve been an URMIA member since 2003 and the thing I particularly enjoyed about URMIA was the conferences because they were directed right at higher education, which was perfect for me, being new to higher education, and learning a lot of new tricks. 


Jenny: Great. Okay, before we dive into the risk inventory, I forgot to ask Brian his favorite URMIA conference. So, can you share which was your favorite URMIA conference, Brian? 


Brian: The first one I went to was really good and that was Charleston and that was... I learned so much at that one. It was excellent. San Diego sticks out too. 


Jenny: Charleston was my first URMIA conference, too. I didn’t know we had that in common. 


Brian: There we go. Now we’re joined at the hip. 


Jenny: How about you, Lou? I may have asked you that in our other interview, but I can’t recall. 


Lou: Actually I didn’t get to go to a lot of URMIA conferences my first few years at the University of Kentucky. My assistant went and I was going to RIMS conferences. My first one was actually Louisville in 2014, and I really enjoyed that. It was a really good conference. 


Jenny: Yeah, excellent. Well, thank you both for your stories there. So, today we are talking about URMIAs Risk Inventory, and we’ve had this tool as part of our took kit for the last few years, and Lou was actually tasked this year with creating a task force and kind of revitalizing the Risk Inventory, having kind of a group of peers review it. So, Lou, can you kind of walk us through what your group looked at and some of the improvements that you put into the tool?


Lou: Sure. Basically our task was to upgrade and revise the Risk Inventory to make it a little bit more usable for our membership, and so we started out, and we asked the task force members, we had 10 people on the task force, and we asked them how they use the Risk Inventory, and various people make various uses out of it. There were actually a couple of people on the task force who had not previously used it, and they said “well, gee I don’t know if I’ll be very helpful to the task force” and I said “no, that’s great. We need somebody who maybe hasn’t looked at it before and maybe could give us some input from a new users’ viewpoint”. So, the first thing we did was, we wanted to do a survey of the entire membership to find out how they were using the Risk Inventory and we were surprised to find out that there were a lot of people who didn’t even know that it existed, unfortunately. So, we figured that one of our major tasks was to make people aware of it. So then going from there we looked at the Risk Inventory itself and made some suggestions on how it could be improved, and we looked at perhaps changing platforms, but we really decided that the most usable platform was to leave it as an excel spreadsheet, and go from there. That would make it most usable for the largest number of our members. Do you want me to go into some of the changes that we’ve talked about or is that the next step?


Jenny: Yeah, I do, and I’d love to just give a little definition. So when you open up to the Risk Inventory it says the Risk Inventory provides a list of risks common to colleges and universities, organized into 23 groups and sorted into 5 risk areas. So, for anybody who is listening who didn’t have any idea what it looked like and you haven’t opened it up, I’d encourage you to log into your URMIA account and download it, and we’ll definitely have a link right to it into the show notes, but yeah, keep going Lou and tell us a little more about that.


Lou: Okay, well the Risk Inventory currently contains some 305 risks that are, as you said, divided into 5 classifications: strategic, operational, reporting, compliance, and reputational, and then further broken down into the 23 categories, and those 23 categories I’m not going to name all 23 of them, are things like property, public safety, technology- things like that so that you can sort your risks into different areas as you’re trying to analyze them or split them up among departments within your institution, and the intent of the Risk Inventory is to be continually updated, and the way we do that is whenever any of our members have a risk that they have identified they don’t find on the Risk Inventory, they let us know about that risk, or if they see something that maybe needs a little further description in some of the risks that are already there, if they let us know that we will upgrade it immediately. So, as we said, as a part of this strategic plan the task force was appointed to review the Risk Inventory and make recommendations, and where we’re headed with that is that it looks like we’re going to add several tabs to the excel worksheet. One of the things that we used to do, and it was a separate document, which really didn’t make a lot of sense, is we needed to let people know what the changes were to the risk inventory since the last time they had looked at it, and so that was a separate document, which was kind of a little bit unwieldy so we decided to add that into the same document so when you open the Risk Inventory you’ll be able to see what new risks have been added or what changes, if we’d taken any risks out. Interestingly enough, I noticed over time we’ve never removed a risk, and then we’ve added several additional tabs to the excel workbook to hopefully make it a little more usable for people. We’ve got a pivot table that allows you to look at the risks in the various categories and then we’ve made a couple of other pivot tables where you’d be able to open that pivot table and then list the risks that pertain to your institution rather than having to try and deal with all of them. For instance, if you don't have a medical center, you may not care much about the medical center risks, so you can easily sort those out from the rest of the risks that you do have at your institution. And then we have a lot of flexibility to do whatever you’d like with it- whatever makes it more usable for you. If you want to divide it up, risks among departments, say athletics and athletics risks and student affairs and student type risks, that’s very easy to do. 


Jenny: That’s terrific. So, Brian, I know that you are a user of the Risk Inventory, so can you tell us a little bit about how you’ve used it or any idea or any practices that people could consider using it?


Brian: Sure. I’ve used it a couple different ways, so I’ll go into each way. It’s nice to have a curated list, an updated list of all of the risks that higher education faces. I’m a generalist by nature; I don’t have any depth of knowledge whatsoever. A friend of mine who became a general counsel at one point.. I said “well, what’s a general counsel?”, many years ago, and he said “well, I’m a practicing attorney and I focus my practice on labor relations. So in labor relations my depth of knowledge is a mile deep, but as it relates to the rest of the law, it’s about an inch wide. But now as the general counsel I have to have a base of knowledge that’s a mile wide, but only an inch deep.” I think risk managers have to think of that in the same way, and we’re often faced with areas where we don’t know much, you know, we know enough, but we don’t know much. So, I’ve used the risk inventory as a way of broadening my depth of knowledge. You know I’m going to go talk to someone from the finance department and I’ve worked closely with finance but I don’t know much about research funding so I go in and I look at the Risk Inventory and I start looking at the categories under the risk factors for research funding. That not only broadens my knowledge of that category and gives me some ability to go in and maybe do a little more research on timely closeout, or retaining faculty or what that means in the research world, but it also gives me the ability to know when I have to bring in a drilling rake to get a mile deep in an area when I’m talking to somebody about those categories. 


Jenny: Love that analogy. That’s awesome.


Brian: Thanks, that’s not my analogy believe me. So, and it’s great to be able to have this inventory to learn from others. Everybody has populated this with different factors and things like that. More recently, when it came to Wentworth I started thinking about a risk assessment, an enterprise-wide risk assessment, one of the things that I was charged with. As I looked at the Risk Inventory, I wanted to get a lot of information from a lot of different people in a very short amount of time to really create that risk assessment. So, I worked with our institutional effectiveness folks to create a survey on a tool called Key Survey, and it’s really divided into 7 or 8 categories, and it’s intended to go out to deans, directors, and department heads, so a broad base of individuals out there. I don’t have time to… I have informational sessions on this assessment, I also have videos on this assessment, but the other thing that I have is I have the categories from the Risk Inventory. I used the Risk Inventory as a foundation for that risk assessment, I went through it and, like Lou said, we don’t have a medical center, I got rid of that risk, and I really refined the risk and I found other areas where… You know Wentworth has a program that’s called Epic… C is for collaborative, E is for external, P is for program-based or practical experiene, I forget, and I needed to represent that in it, so I added that to the survey, and really refined this list to represent Wentworth’s risks. By adding the risk factors, when a person went into looking at a risk area, to rate a risk area 1-5 in likelihood and 1-5 in impact, and you’re looking at something like product liability, that might mean something to some of them, but not anything to everybody else, so they were given the ability to look at what those risk factors were, and I further refined the risk factors, but this was a great foundation; it really expedited the work I had to do on that assessment. 


Jenny: That’s great. I hadn’t heard anybody to use it quite like that. We’ve taken this tool on the road in presentations over the last few years and a lot of people use it as a conversation starter. You know like.. “Let’s talk about these 10 areas. Where are you on this??”, and kind of a check in just to open a dialogue. So, that really sounds good, Brian.


Brian: I think it really worked well. When you’re talking to senior leadership and they’re asking you where you’ve come up with the categories for your list assessment, you have a base in a great organizational knowledge and so it really helps you sell that risk assessment. 


Jenny: That’s terrific. So, Lou, when you heard Brian’s example there, with your taskforce, did you hear of any other examples of how people use it? 


Lou: Well there were several that were kind of along the lines of what Brian was talking about. One of the things that occurred to me, I was wishing after I discovered the Risk Inventory, it had been invented a little bit earlier, because I really could have used it in about 2012 and 2013 when UK, we were implementing our ERM program. That would have been a great basis to use to send out to our various departments to have them identify the risks, but we wound up having to do that from scratch, which made it a lot more difficult. So, if the Risk Inventory had been around at that time it would have been great for me.


Jenny: That would be really helpful. I mean enterprise risk management is just that. So I know I’m looking at the new version of the Risk Inventory on my screen right now, and I know aesthetically it’s really attractive, and the pivot tables that you mentioned earlier, I don’t want to intimidate anyone, they’re really easy to use and I’m not an excel expert, but I like pivot tables because it helps you get to the information that you want, and if it’s not useful for you, you can turn that off as well. I mean the aesthetic updates to it and the instructions are really nice, so I would urge people that have used an older version to always look for the newest version. Brian, it looks like you want to add something in.


Brian: No, I was just listening to you. I haven’t seen this version. 


Jenny: Lou, do you want to talk about the four newest areas of risk? I don’t think you’ve mentioned them by name yet, did you? 


Lou: No, actually I didn’t. We are adding, they’re not in there yet, they’ll be in the new version as it’s out, which hopefully it’ll be shortly. We added Esports as a risk and we had business incubators as a new risk that wasn’t on the old list, and robots, which were not on there, and facial recognition technology. So those are being added to the new one, and what I’m hoping is one of the changes that we made about a year ago was we used to keep all of the various versions of the risk inventory in the library, and we decided that that was really counterproductive because in the newest one we’re telling you the changes, so we removed the older versions and archived them, and we’re only keeping the latest version in the library, so I’m hoping as we move forward we’ll put this new version in, especially since it looks so much better than the old version. The one that will be there is the latest version and it will only be one document, which will include the changes and everything all in one document.


Lou’s cat: Meow. 


Jenny: So, if people have suggestions to add to the risk inventory, would you suggest they reach out to you, Lou, and tell you about those? 


Lou: Absolutely, and we’ll make sure we act on them immediately because that’s, you know, in everybody’s best interest.


Jenny: Well, any closing comments on the tool? 


Brian: All I have to say is: contribute. Everybody’s knowledge is important and if we don’t have everybody’s input we don’t have a full perspective of what the risks are, and this is a community that’s designed to help each other so I would just encourage everybody to take a look at this and contribute if you see something that’s missing. 


Jenny: Yeah, I… Oh, go ahead Lou.


Lou: I was going to say, and just to let people know what’s going on with the Risk Inventory and as we roll it out, hopefully this podcast will be very helpful to people. We’ll also do some other promotion of the Risk Inventory and have some instruction actually of how to use it. So look for that, too, that’ll be coming out very shortly.


Jenny: Terrific. Well, thank you so much to Brian Burns and Lou Drapeau for joining me today on URMIAmatters, and this’ll be a wrap! Thank you.


Brian: You’re welcome. It’s nice to be talking about something new. 


Lou: Thanks, Jenny.